The attorney general of the U.S. state of Connecticut is concerned about the privacy implications of Apple Watch’s handling of consumers’ health information.
In a letter to Apple CEO Tim Cook, George Jepsen has asked for a meeting with company representatives to discuss his concerns about how personal consumer information collected through the Apple Watch will be stored and safeguarded, the attorney general’s office said Monday.
Apple unveiled earlier this month a digital watch that will double as a fitness tracker and run a variety of apps. The company said the watches will be available next year.
Jepsen wants to know at the proposed meeting with Apple whether personal and health information will be stored on the Apple Watch itself and/or on its servers, and if so, how this information will be safeguarded.
The attorney general clarified that he was not making an accusation at Apple but was extending an invitation for a dialogue. He wrote to Cook that it was an appropriate time to discuss the security of personal information ahead of the availability of the watch to the public.
Apple could not be immediately reached for comment. The company’s App Store Review Guidelines, referred to in Jepsen’s letter, warns developers of apps using the HealthKit framework that users’ health information is not to be stored in iCloud, and apps are prohibited from sharing data collected using the HealthKit API with third parties without user consent.
Jepsen is, however, interested in knowing how Apple will enforce and monitor applications’ compliance with its guidelines on users’ health information. He wants to know what information Apple Watch and its applications will collect from users, and how consent from users will be obtained to collect and share the information.
The attorney general also asked Apple whether it will review the contents of the privacy policy of application developers to ensure that health information is safeguarded.
Jepsen had concerns earlier of a similar nature about Google Glass, and said Google had agreed about safeguards for third party applications. Through a meeting with the attorney general and subsequent communications, the company “implemented a policy requiring review and approval of third-party applications developed for the device before they would be made available to users,” the attorney general said.